Summary

Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Solution

Adobe recommends users update their software installations to the latest versions by following the
instructions below.
The latest product versions are available to end users via one of the following methods:

Users can update their product installations manually by choosing Help > Check for Updates.

The products will update automatically, without requiring user intervention, when updates are
detected.

These updates resolve vulnerabilities in the directory search path used to find resources that
could lead to code execution (CVE-2017-3012, CVE-2017-3013).

Note:

CVE-2017-3038 was resolved in 2017.009.20044 and 2015.006.30306, but the fix was incomplete for version 11.0.20. This vulnerability has been completely resolved in version 11.0.21 (August 2017 release).

Acknowledgements

Adobe would like to thank the following individuals and organizations for reporting the
relevant issues and for working with Adobe to help protect our customers: